Re: shell script

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

mark wrote:

Ok, I've never had to create a thousand new users....

Paul M. Whitney wrote:

In that wrapper script, you could also generate a changeme type password but
also append some unique character to each one such as first and last letter


Or the student's ID would work (unless the college uses SSN (WHICH THEY SHOULD
NOT), in which case it's back to generating one.


Sorry to be pedantic but..
Student ID ? easy to get - 'hi, whats your student ID number ?' or 'hey, can I see your student ID card', people don't treat these things as 'private' and if you are using this as a first time password, it would be relatively trivial to crack if someone were determined.
And appending a couple of characters ? it would take seconds for a dictionary bash to go through every possible combination, and while this _may_ show up in the logs, how often do you sit at your desk simply watching logs scroll, I am guessing you have real work to do. 


in the user login or append the UID to the password. However you approach
it, you can still use the convention of creating multiple cookie-cutter
passwords, but also give them "some" uniqueness to "lessen" account
compromise.
as soon as you work out a password 'system' then someone can reverse engineer it and exploit it, completely random, changed on first login, alpha numeric with special characters and at least 8 characters long.
pair them with the username in a file somewhere, print them out, cut the resulting print out up and hand them to the students when they first arrive. If the student cant find it within themselves to type 8 characters on a keyboard when they first arrive then they don't deserve to use the computers. 



Also, you may want to automatically lock any account that is not used in
some fixed amount of days such as 30/45/60 so something like that. 

For a college, I'd think 15 or 20 days.
This has little to do with assisting in preventing account compromises as most accounts would be compromised within the 15 day period :-)
Can still be a good idea at times tho just to assist in system cleanup - be careful tho that the system is turned off over the break periods :-) 

--
Steve.

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux